VULHUB ™

Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems. Recent versions of Zope include support for proxy roles. Proxy roles are used to grant additional privileges to users when accessing specific objects. A vulnerability exists in some versions of Zope. The context of the user who creates a proxy role is not taken into account when determining access to the object with the proxy role assigned. Under some circumstances, this may allow users with sufficient privileges who are defined in a subfolder of a site to gain unauthorized access to objects at a higher level in the site.

Zope is an open source web application server, maintained by the Zope Project. Zope is available for Linux, Unix, and Microsoft Windows based systems. Recent versions of Zope include support for proxy roles. Proxy roles are used to grant additional privileges to users when accessing specific objects. A vulnerability exists in some versions of Zope. The context of the user who creates a proxy role is not taken into account when determining access to the object with the proxy role assigned. Under some circumstances, this may allow users with sufficient privileges who are defined in a subfolder of a site to gain unauthorized access to objects at a higher level in the site.